Malware Attacks - Aqua
https://www.aquasec.com/tag/malware-attacks/
Cloud Native Security, Container Security & Serverless Security
Mon, 15 Jul 2024 11:02:55 +0000

Lucifer DDoS botnet Malware is Targeting Apache Big-Data Stack
https://www.aquasec.com/blog/lucifer-ddos-botnet-malware-is-targeting-apache-big-data-stack/
Wed, 21 Feb 2024 07:58:29 +0000
Aqua Nautilus has unveiled a new campaign targeting the Apache big-data stack, specifically Apache Hadoop and Apache Druid. Upon investigation, it was discovered that the attacker exploits existing misconfigurations and vulnerabilities within our Apache cloud honeypots to execute the attacks. The campaign employs a new variant of a well-known DDoS botnet that focuses on vulnerable Linux …

Detecting eBPF Malware with Tracee
https://www.aquasec.com/blog/detecting-ebpf-malware-with-tracee/
Wed, 19 Jul 2023 09:30:46 +0000
eBPF is a popular and powerful technology embedded in the Linux kernel. It is widely used by many security tools for monitoring kernel activity to detect and protect organizations. eBPF, however, can potentially be a double-edged sword as it can be used by threat actors as part of their malicious arsenal. Lately, we have …

Threat Alert: Anatomy of Silentbob’s Cloud Attack
https://www.aquasec.com/blog/threat-alert-anatomy-of-silentbobs-cloud-attack/
Wed, 05 Jul 2023 11:01:13 +0000
Aqua Nautilus researchers identified an infrastructure of a potentially massive campaign against cloud native environments. This infrastructure is in early stages of testing and deployment, and consists mainly of an aggressive cloud worm, designed to deploy on exposed JupyterLab and Docker APIs in order to deploy Tsunami malware, cloud credentials hijack, resource hijack and …

HeadCrab: A Novel State-of-the-Art Redis Malware in a Global Campaign
https://www.aquasec.com/blog/headcrab-attacks-servers-worldwide-with-novel-state-of-art-redis-malware/
Wed, 01 Feb 2023 16:33:47 +0000
Aqua Nautilus researchers discovered a new elusive and severe threat that has been infiltrating and residing on servers worldwide since early September 2021. Known as HeadCrab, this advanced threat actor utilizes a state-of-the-art, custom-made malware that is undetectable by agentless and traditional anti-virus solutions to compromise a large number of Redis servers. The HeadCrab botnet …

Cloud Security Trends for 2023 Part One
https://www.aquasec.com/blog/cloud-security-trends-2023-part-one/
Wed, 21 Dec 2022 15:18:39 +0000
As we think about what Cloud Native security will look like in 2023, we can’t avoid thinking about the old cat-and-mouse game cliché of cyber security. Every year new attacks emerge while new security solutions are created and old security fixes are upgraded. Threat actors constantly append new methods to the old ones, using them …

Threat Alert: New Malware in the Cloud By TeamTNT
https://www.aquasec.com/blog/new-malware-in-the-cloud-by-teamtnt/
Thu, 15 Sep 2022 06:00:00 +0000
Over the past week we observed three different attacks on our honeypots. The scripts and malware that were used bear a striking resemblance to none other than the threat actor TeamTNT. Eleven months ago they posted a farewell note on Twitter. Since then, we have only seen legacy attacks which automatically run on past infrastructure. …

Intro to Fileless Malware in Containers
https://www.aquasec.com/blog/intro-to-fileless-malware-in-containers/
Thu, 11 Aug 2022 16:49:52 +0000
A fileless attack is a technique that takes incremental steps toward gaining control of your environment while remaining undetected. In a fileless attack, the malware is directly loaded into memory and executed, evading common defenses and static scanning. Often, attackers may also use compression or encryption to cloak the malware file to avoid detection. Since …

Threat Alert: Fileless Malware Executing in Containers
https://www.aquasec.com/blog/fileless-malware-container-security/
Wed, 02 Dec 2020 16:19:29 +0000
Our cyber research team detected a new type of attack that executes and runs malware straight from memory in containers, thus evading common defenses and static scanning. This malware is using a rootkit to hide its running processes, then hijacks resources by executing a crypto miner from memory — leaving a backdoor that enables attackers …

Threat Alert: Kinsing Malware Attacks Targeting Container Environments
https://www.aquasec.com/blog/threat-alert-kinsing-malware-container-vulnerability/
Fri, 03 Apr 2020 09:00:00 +0000
Lately we’ve been witnessing a rise in the number of attacks that target container environments. We’ve been tracking an organized attack campaign that targets misconfigured open Docker Daemon API ports. This persistent campaign has been going on for months, with thousands of attempts taking place nearly on a daily basis. These are the highest numbers …